epassport hacking reloaded - power of communitypowerofcommunity.net/poc2008/lukas.pdf ·...
TRANSCRIPT
ePassport Hacking Reloaded
Lukas GrunwaldDN-Systems GmbH Germany
Power of Community 2008Korea
Agenda
MotivationSome basicsBrief overview ePassport (MRTD)Why cloning? How to attack the systemBAC (Basic Access Control)EAC (Extended Access Control)Enrollment: Unexpected risks
Motivation - MRTD
This image is a work of a Federal Bureau of Investigation employee, taken or made during the course of an employee's official duties. As a work of the U.S. federal government, the image is in the public domain.
The Government’s Dream
Multi biometric, double gates, antiMulti biometric, double gates, anti--tailgating, lightlytailgating, lightly-- supervised (to maintain nonsupervised (to maintain non--automated entry channels)automated entry channels)
The Industry’s Solution
Government first asked Security Print ShopsThese are general and global print shopsExtensive know-how in secure printingNo know-how in IT security / cryptographyNever done an IT security project
Security Print Shops asked Smart Card Industry
Focus on selling their productsAdvocates multi-purpose use
Industry Ideas for the ePassport
Multi-purpose useIdentical design for national ID cardsUse for electronic bankingeGovernmentElectronic signatureEmail encryptionID and travel / PassportElectronic payment
Design GoalsUse of cryptography / PKIHeavy use of biometrics100% security against counterfeitingImprove facilitation
Minimize time spent on legitimate travelersSegmentation of low-, high-risk travelersMinimize immigration time for traveler
Design ApproachSetting up a standards group at the ICAOStuffed with printing expertsSome crypto experts
Only worked on algorithm levelNo one knows about implementationDriven by RFID manufacturesNo one looked at risks / design goals (KISS)
Problems with Patents
To store biometric data, typically a HASH is generated and stored (for fast comparison)Most of these HASHES are patentedICAO stores pictures of facial image
JEPG or JEPG2000Same with fingerprintsCompromises don't work with security
ePassports
This image is a work of a United States Department of Homeland Security employee, taken or made during the course of an employee's official duties.
As a work of the U.S. federal government, the image is in the public domain.
MRTDMachine Readable Travel Document aka Electronic Passports (ePassports)Specifications by ICAO
(International Civil Aviation Organization)
Enrollment on a global basis
ePass from Germany
RFID tag embedded into the coverProduced by the Bundesdruckerei GmbHNo shield, readable even when passport cover is closed
2D Code and MRZ
Passport with 2D barcode and MRZ (machine readable zone)
MRTD Data-LayoutLDS (Logical Data Structure)
Data is stored in DG (Data Groups)DG1: MRZ information (mandatory)DG2: Portrait image + biometric template (mandatory)DG3-9: Fingerprints, iris image (optional)EF.SOD: Security Object Data (cryptographic signatures)EF.COM: List of existing Data Groups
Data is stored BER-encoded like ASN.1DG2-DG4 uses CBEFF for encoding(Common Biometric File Format, ISO 19785)
MRTD Security FeaturesRandom UID for each activation
Normally all ISO 14443 transponders have a fixed unique serial numberThe UID is used for anti-collisionPrevent tracking of owner without access controlProblem: ICAO MRTD specs don't require unique serial numberOnly some countries will generate random serial numbers
Passive AuthenticationThis method is mandatory for all passportsMethod of proof that the passport files are signed by issuing countryInspection system to verify the hash of DG's
EF.SOD contains individual signatures for each DGEF.SOD itself is signedDocument signer public key from PKD / bilateral channelsDocument signer public key can be stored on the passportUseful only if country’s root CA public key known
Signed Data
EF.DG2 EF.DG3EF.COM EF.DG1
HASH overData
HASH overData
HASH over HASHHASH Signed by
Country CAEF.SOD
Password on Monitor?
Basic Access ControlGrants access to data after inspection systems are authorizedAuthorization through the Machine Readable Zone (MRZ)
Nine digit document numberIn many countries: issuing authority + incrementing numberSix digit date of birth
Can be guessed or assumed to be a valid dateSix digit expiry date16 most significant bytes of SHA1-hash over MRZ_info are used as 3DES key for S/M (ISO7816 secure messaging)
Some European passports (Belgium) don’t have BAC
BAC
The access key is printed on the passportMany times the passport is put on a Xerox machine in:
HotelsRentals (cars, ski, …) Shops (cell phones, ...)
The data from the MRZ is stored in many private databases (airlines, banks …)
BAC And Traceability
With the BAC handshake data known, the random unique ID is worthlessthe MRTD is traceableaccess to the content (LDS-DG.1 &DG.2) is possible access to the SOD is possible
Extended Access Control
Optional method (EAC)Should prevent the unauthorized access to biometric data
Not internationally standardizedImplemented only by individual issuersOnly shared with those countries that are allowed access
Access is only possible with certificates from issuing country
Where is my clock?
Inspection of CV-CertsThe MRTD does not have any reliable and secure time informationOnce a CV is captured, all MRTDs which have been read using a CV issued earlier could be accessedThe biometric data is accessible as wellThe MRTD can not verify the validity of the timestamp from a CV certificateA false CV certificate with an issue date far out in the future can deactivate the MRTD permanently
EAC Risks
A false CV certificate can deactivate the MRTD permanentlyA rogue regime could misuse the CV certificates to obtain fingerprints from passport holdersWith these fingerprints it is possible to produce false evidence
PKI Integration
X.509 CertificatesEvery issuer operates a self-controlled CASigner keys are derived from CA rootPublic keys are distributed via ICAO PKDEveryone can verifyIt is not possible to revoke a certificate on the MRTD
Why Cloning of Passports?The normal tags are read-onlyData could be retrieved from an issued passportDeactivation of issued passport (microwave oven)Cloned tag behaves like an “official” ePassportCloned tag could be extended with exploitsExploit could attack inspection system, backend or databases
Inspection SystemsInspection systems should be evaluatedOff-the-shelf PCs are too complex to be formally validated for correctnessMRTD uses JPEG2000JPEG2000 is very complicated
Easy to exploitFor example, see CVE number CVE-2006-4391 Metasploit and other toolkits make it easy
A Vendor’s Design of an Inspection System
Uses “off-the-shelf” PC´sRFID-Reader is “Designed for Windows XP”No security improvement of the softwareJust like inserting a USB stick containing unknown data into the inspection system
Problem With The Procedure
Data enters the officer'sInspection System at border
Create HASHover pay load
Make inspection decision
Read
Read RFID chip frompassport
Decode LDS
Decode BER inmemory structures
Other DG
Process other DG
Compare
Payload HASH withstored data
Accept or reject ePassport
First, read, data from the RFID chipThen, parse the structuresDecode the payloadFinally, verify the document cryptographically
Biometric Data
Data should be reduced to hashes onlyBut fingerprints will be stored as picturesReverse-engineering of fingerprints possible with MRTD dataContrary to any best practice in IT security
Downgrading Lowest Security of MRTD is accepted as validRemove the Extended Access Control dataMore easy to clone with only Basic Access Control
ePassport is still valid
Chaos of StandardsTLV and ASN.1 not correctly implementedRedundant meta formats for biometric dataIf signing key is lost, the whole country is doomedFirst, the data must be parsed, then it can be verifiedDesign was made by politicians and not by IT security expertsIt is possible to manipulate data
Snake Oil Warning“Trust us, we - the experts - know what we're doing”“We removed the standards from the ICAO website, now we are safe”“Grunwald used the primary purpose of the passport: he read it - there is no security risk”“The RFID chip will be protected by the security features of the printed paper in the passport”
More Quotes
After a short version of this presentation at the “Security Document World 2007” in London I got this comment from a responsible person at the ICAO:“It’s right that these security flaws could harm an IT system, but we have to keep in mind, the ePassport is a security document and has nothing to do with IT systems”
Thank You
Questions?